Mozilla bug bounty now more than £6,000

Firefox has more than doubled the reward it gives to anyone finding a serious flaw in its browser. Finding severe bugs, such as those leading to remote code execution without requiring other vulnerabilities, now pays more than $10,000 (£6,470).

Engineer Raymond Forbes says the bounty had not been updated in five years and had fallen out of step.

"The amount awarded was increased to $3000 five years ago and it is definitely time for this to be increased again," Forbes says.

"We have dramatically increased the amount of money that a vulnerability is worth [and] we are moving to a variable payout based on the quality of the bug report, the severity of the bug, and how clearly the vulnerability can be exploited.

"Finally, we looked into how we decide what vulnerability is worth a bounty award."

Critical vulnerabilities that could seriously hurt Mozilla users were previously rewarded with $3,000 (£1,940), while smaller vulnerabilities were paid less. The lesser vulnerabilities are now worth more than $2,000 (£1,290).

"The bounty program encourages the earliest possible reporting of these potentially exploitable bugs. A bounty may be paid for some moderate rated client security bugs at the discretion of the Bug Bounty Committee. If a bounty is paid for a moderate rated security issue, the amount will be between $500 (£323) and $2000 (£1,290), depending on the severity of impact for the issue as determined by Bug Bounty Committee," the Mozilla Bug Bounty website says.